Hi,
I think we should next address Authentication Mechanism. I propose the
following:
A. Standardize a simple authenticator, by simplifying JASPIC SAM usage:
   1. Install a SAM programmatically using a single method call (e.g.
      Jaspic.registerServerAuthModule)
   2. Install a SAM using an annotation (e.g. @Authenticator(<SAM class>,
      <options>))
   3. Simplify SAM development for servlet-based authentication (e.g.
      HttpServerAuthModule, HttpMessageContext)

   This is represented in the following proposal:
   https://github.com/javaee-security-spec/javaee-security-proposals/tree/master/jaspic-http-sam
   And the following JIRA:
   https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-24

B. Standardized Authentication CDI Events (e.g., PreAuthenticate,
   PostAuthenticate, PreLogout, PostLogout)

   This is represented in the following proposal:
   https://java.net/jira/browse/JASPIC_SPEC-21?jql=project%20%3D%20JASPIC_SPEC
   This is in the JASPIC JIRA, but really applies to the container calling
   JASPIC.

What do you think? Seems like low-hanging fruit (3 classes, 1
annotation, 4 events) that will significantly simplify and improve EE
authentication.
With regards,
Alex